
Assalam o Alikum Guyz :) Tutorial By PriNcE HaxOr(FOCSofts.blogspot.com)
What is SQL Injection?
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is  a request for some action to be performed on a database. Typically, on a  Web form for user authentication, when a user enters their name and  password into the text boxes provided for them, those values are inserted into a SELECT query. If  the values entered are found as expected, the user is allowed access; if  they aren't found, access is denied. However, most Web forms have no  mechanisms in place to block input other than names and passwords.  Unless such precautions are taken, an attacker can use the input boxes  to send their own request to the database, which could allow them to  download the entire database or interact with it in other illicit ways.
OR
SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from the database.
What a hacker can do with SQL Injection attack?
- Bypassing Logins,
- Accessing secret data,
- Modifying contents of website,
- Shutting down the My SQL server.
How to Hack Website with SQL Injection:
Step 1: Finding Vulnerable Website:
Firstly find out the website which have SQL vulnerability page, so google will help us simply search any of the dork on google.
Google SQL Dork List
After searching on google many website links will appear so open any link and you will see any website link like this
http://www.victimsite.com/index.php?id=2
Note: If you like to hack any particular website,then try this;
site:www.victimsite.com dork_list_commands
for example:
site:www.victimsite.com inurl:index.php?id=
Step 2: Checking the Vulnerability:
Now check the vulnerability of the target website. To check the vulnerability, add the single quotes(') at the end of the URL and hit enter.
http://www.victimsite.com/index.php?id=2'
After hitting Enter, if the page remains same or showing that page not found, then it is not vulnerable, but if you got an error message just like this, then it means that the site is vulnerable
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Step 3: Find the Vulnerable columns:
Now for finding the vulnerable columns, let it be on the Havij, it will now do all the work;
Step 4: Finding Database and Users:
1. Open Havij and paste site URL in target field and click Analyze button,
2. Now wait for Havij to get all the databases of the website,
3. Now click on available Database of site and click on Get Tables.
4. By clicking Get Tables, Havij will look for the tables available in the database.
5.  Now after the scanning Havij will get all tables,now you have to check  it there table available named as admin, users and something similar to  these words like i get usuario in my website and select it and click on Get Columns.
6. Now after clicking Get Columns havij will get all the columns available in users table.
7. In my case i found different columns like id, login, pass an many more.8. Now select the columns and click on Get Data.
9. Now havij will look for the data available in columns login and password i.e admin username and password.
username --> admin password--> 21232f297a57a5a743894a0e4a801fc3 (in encrypted form)
Step 5: MD5 Hash Decrypting:
10. For cracking encrypted password just copy password click on MD5 tab in havij and paste the encrypted password in MD5 hash field and hit start. Now havij will try to crack the password.
11. Now i get Password cracked as admin.
Step 6: Find Admin Login Page:
12. Press Find Admin Button and type Homepage URL Of victim site and press Start Button.
After some time, the login page link will appear, simply copy and paste that link in your browser and use the username and password which we found out in step no. 4 and then you can login to the admin panel.
Note:Do Not Use Any Tutorial Of This Blog To Harm Anyone.This Is Only For Educational Purpose.
Note:Do Not Use Any Tutorial Of This Blog To Harm Anyone.This Is Only For Educational Purpose.
Regards :> PriNcE HaxOr







 
Post a Comment